# create a new koji hub server system
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/koji-hub or from hostvars

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=koji_stg:koji"

# Once the instance exists, configure it.

- name: make koji_hub server system
  hosts: koji_stg:koji
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
    - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
      tags: always
    - import_tasks: "{{ tasks_path }}/osbs_certs.yml"
    - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
  - base
  - rkhunter
  - nagios_client
  - hosts
  - ipa/client
  - collectd/base
  - apache
  - role: keytab/service
    service: kojira
    host: "koji{{env_suffix}}.fedoraproject.org"
  - role: keytab/service
    service: koji-gc
    owner_user: apache
    host: "koji{{env_suffix}}.fedoraproject.org"
  - koji_hub
  - role: keytab/service
    service: HTTP
    owner_user: apache
    host: "koji{{env_suffix}}.fedoraproject.org"
  - { role: nfs/server, when: env == "staging" }

    # production nfs mounts from netapp
  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji'
    nfs_src_dir: 'fedora_koji'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00'
    nfs_src_dir: 'fedora_koji_archive00'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive01'
    nfs_src_dir: 'fedora_koji_archive01'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive02'
    nfs_src_dir: 'fedora_koji_archive02'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive03'
    nfs_src_dir: 'fedora_koji_archive03'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive04'
    nfs_src_dir: 'fedora_koji_archive04'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive05'
    nfs_src_dir: 'fedora_koji_archive05'
    when: env == 'production' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/koji/ostree'
    nfs_src_dir: 'fedora_ostree_content/ostree'
    mount_stg: true
    when: env != 'staging'

  - role: nfs/client
    mnt_dir: '/mnt/koji/compose/ostree'
    mount_stg: true
    nfs_src_dir: 'fedora_ostree_content/compose/ostree'
    when: env != 'staging'

  - role: nfs/client
    mnt_dir: '/srv/odcs'
    nfs_src_dir: 'fedora_odcs'
    when: env != 'staging'

    # In staging, we mount fedora_koji as read only (see nfs_mount_opts)
  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji_prod'
    nfs_src_dir: 'fedora_koji'
    when: env == 'staging' and inventory_hostname.startswith('koji')

  - role: nfs/client
    mnt_dir: '/mnt/koji/ostree'
    nfs_src_dir: 'fedora_ostree_content/ostree'
    mount_stg: true
    when: env == 'staging'

  - role: nfs/client
    mnt_dir: '/mnt/koji/compose/ostree'
    mount_stg: true
    nfs_src_dir: 'fedora_ostree_content/compose/ostree'
    when: env == 'staging'

  - sudo
  - role: rabbit/user
    username: "koji{{ env_suffix }}"
    sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..*

  tasks:
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: configure sshfs target on koji01
  hosts: koji01.iad2.fedoraproject.org:koji01.stg.iad2.fedoraproject.org
  tags:
    - sshfs
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - name: Put public sshfs key in place
    authorized_key: user="root"
                    key="{{ lookup('file', '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs' + '-staging.pub' if env == 'staging' else '{{ private }}/files/releng/sshkeys/primary-s390x-sshfs.pub') }}"
                    state=present
                    key_options='command="internal-sftp",from="{{ '10.16.0.25' if env == 'staging' else '10.16.0.28,10.16.0.26,10.16.0.27' }}",restrict'
    tags:
    - sshfs

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
